PatchSiren cyber security CVE debrief

CVE-2017-5977 Gdraheim CVE debrief

CVE-2017-5977 is a memory-safety issue in zziplib 0.13.62. A crafted ZIP file can trigger an invalid memory read in zzip_mem_entry_extra_block() inside memdisk.c, which can crash the process and cause denial of service. The record is rated CVSS 5.5 (medium) and mapped to CWE-125. The CVE description says remote attackers can trigger the issue, whereas the NVD CVSS vector indicates local access and user interaction, so the safest interpretation is that handling untrusted ZIP content is the risky condition.

Vendor: Gdraheim
Product: CVE-2017-5977
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2017-03-01
Original CVE updated: 2026-05-13
Advisory published: 2017-03-01
Advisory updated: 2026-05-13

Who should care

Teams that use zziplib 0.13.62 or embed it in software that opens or indexes untrusted ZIP files should pay attention, especially desktop apps, document viewers, archive utilities, and any service that parses user-supplied archives.

Technical summary

The vulnerable path is zzip_mem_entry_extra_block() in memdisk.c. According to the NVD record and linked advisory material, a crafted ZIP file can lead to an invalid memory read and a crash. NVD classifies the weakness as CWE-125 and lists the affected CPE as gdraheim:zziplib:0.13.62. The NVD CVSS v3.0 vector is AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H, which means the main impact is availability rather than confidentiality or integrity.

Defensive priority

Medium. This is not a code-execution issue in the supplied record, but it can still disrupt applications that process attacker-controlled archives. Prioritize remediation where ZIP ingestion is exposed to untrusted content or where crashes would be operationally significant.

Recommended defensive actions

  • Upgrade zziplib from 0.13.62 to a version that includes the vendor fix or backport the fix from a maintained package source.
  • Treat ZIP archives from untrusted or external sources as high-risk input, and reduce the number of places that process them or isolate that processing.
  • Add crash monitoring and logging around archive parsing so repeated invalid-memory-read failures are visible.
  • If you cannot patch immediately, restrict the feature set or deployment paths that invoke zziplib on user-controlled ZIP content.
  • Validate that downstream products and packaged dependencies do not still ship the vulnerable 0.13.62 build.

Evidence notes

Primary evidence comes from the official NVD CVE record and its linked references. The record states that zzip_mem_entry_extra_block() in memdisk.c in zziplib 0.13.62 allows attackers to cause a denial of service via a crafted ZIP file, and it maps the issue to CWE-125. The NVD metadata lists the vulnerable CPE gdraheim:zziplib:0.13.62 and CVSS v3.0 vector AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. Linked references include the openwall oss-security post, SecurityFocus BID 96268, and a Gentoo blog write-up describing an invalid memory read in zzip_mem_entry_extra_block().

Official resources

Publicly disclosed on 2017-03-01 per the supplied CVE published date. No KEV listing is provided in the supplied corpus.